Detecting insecure cross-domain policies
Cross-domain and client access policies need to be checked for overly permissive permissions. Insecure configurations allow cross-site request forgery attacks and could be abused to obtain sensitive data from web servers. The http-cross-domain-policy
script will help us detect these insecure configurations and check whether there are any domain names available for purchase to abuse the configuration.
This recipe shows how to detect insecure cross-domain policies in web servers with Nmap.
How to do it...
Use the following Nmap command to check the cross-domain policies of a web server:
$ nmap --script http-cross-domain-policy <target>
A vulnerability report will show up if the client access or cross-domain policy files are found. Additional information will be included to manually analyze the issue:
PORT STATE SERVICE    REASON 8080/tcp open    http-proxy syn-ack | http-cross-domain...